You can forward events from Windows machines to a machine where the Log Insight Windows Agent is running.

You can use Windows Event Forwarding to forward events from multiple Windows machines to a machine on which the Log Insight Windows Agent is installed. You can then configure the Log Insight Windows Agent to collect all forwarded events and send them to a Log Insight server.

Get familiar with Windows Event Forwarding. See http://technet.microsoft.com/en-us/library/cc748890.aspx and http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx.

1

Add a new section to the Log Insight Windows Agent configuration to collect events from the Windows event channel that receives forwarded events.

The default channel name is ForwardedEvents.

.

2

Set up Windows Event Forwarding.

3

Restart the Log Insight Windows Agent service.

Go to the Log Insight Web user interface and verify that forwarded events are arriving.